Leaks from U.S. intelligence contractor Edward Snowden have confirmed the fears of the most paranoid Americans — they’re being spied on. Last week, the National Security Agency (NSA) declassified a few details of its domestic and foreign data-mining and spying operations. Court documents also confirmed Washington was collecting metadata from Verizon cellphone customers. This program, which records the time, place and other details of the call, is not believed to be limited to one telecommunications company. A similar program was approved by Defence Minister Peter MacKay in Canada in 2011. Also revealed were a few tidbits about PRISM, a mostly secretive program that collects data from foreign sources from companies such as Skype, Google and Facebook. The National Post’s Jen Gerson spoke with Ashkan Soltani, an independent Washington-based technology consultant specializing in online privacy, to get a better understanding of the revelations.

Q: There seem to be two issues coming out simultaneously.

A: I think there’s four. The first is the revelation that Verizon and a few other carriers have been providing call metadata — all records for domestic calls throughout the country — to the NSA. It’s a way to identify persons of interest or to determine someone’s network [i.e., who you were associating with].

Then there’s PRISM. That [second leak] describes a program by which the intelligence community can get communications that are stored and prospective communications from these service providers, like Google.

The third was [President Barack Obama’s presidential directive] showing a desire to build offensive cyber capabilities, such as the ability to hack and surveil international targets using malware.

And the last is an overview of the NSA’s global information network. That’s just a screen shot showing what data the NSA has available, what information they’re able to collect. The most interesting of that shows how much content is coming from what geography, including the U.S. So those are the four, and I’m pretty sure there will be a few more.

Q: It doesn’t seem like the NSA is listening in on phone calls, they’re going after metadata. They’re trying to see who you call.

A: That’s the insight about the [first leak]. The Verizon 215 order is about metadata. But the PRISM program seems to suggest the ability to obtain communications from calls such as Skype, VOIP, etc … though I don’t think they’re listening to every phone call all the time.

Q: It sounds like they’re taking all this data and running it through an algorithm to see what comes up.

A: For the first scenario [the cellphone metadata], yes. And this technique is actually quite effective. In a few instances it’s been extremely useful for identifying drug dealer operations, for example. You can look at the network topology and look at links between nodes to identify persons of interest, etc. You can see hub and spoke patterns; this guy calls out or gets calls in from 20 different people, or this one cellphone is an isolated node on the edge that only makes sporadic phone calls. The topology itself reveals things about the network that you wouldn’t normally be able to infer.

Q: Is that same philosophy behind PRISM?

A: No, the PRISM data is more if they have specific intel that they’re looking for … if we have intel that a reporter in Vancouver is a terrorist or whatever we’re going to ask for communications from the U.S. to Vancouver over this time period. They can get that, run an algorithm to see who’s been talking to X, Y, Z, maybe see your email address and your email to me.

Q: You told Wired magazine you didn’t think PRISM was automatic, that it was an application for submitting court orders.

A: No, I don’t think PRISM is this kind of carnivore type thing ingesting all emails that go to Gmail. I’m, like, 99% willing to bet my reputation on this. It’s probably a streamlined system for submitting large data requests to these companies and getting responses in an automated fashion that can then be ingested and mined for intel.

Q: So it’s possible they’re using this data to look at the very specific content of the messages of foreign people?

A: That’s right. From your [Canadian] perspective, that’s problematic. I’m sure half of Canada uses Gmail … The argument is: if you don’t have anything to hide, you don’t have to be worried. But it’s breaching the trust of service providers.

Q: It also targets people who have little ability to protest what you are doing.

A: Or even know. That’s one of the most problematic pieces of [the Foreign Intelligence Surveillance Act], it’s that these orders are secret. There’s no accountability. My problem is that there’s no transparency, no ability to say this is over-reach, this is information that is not appropriate for law enforcement.